Re: [PacketFence-users] customizing security event email notifications

[lists via PacketFence-users]

On 10-2-2020 14:25, Nicolas Quiniou-Briand via PacketFence-users wrote:

Hello MJ,

HTML files are generated from MJML files using a Makefile in yout Git 
repository. Unless you know how to re-generate HTML files from MJML 
files, you should edit HTML files.


Thanks!

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] customizing security event email notifications

[lists via PacketFence-users]

Super, I found it! Edited the mjml file.

Thanks!

On 4-2-2020 13:28, Nicolas Quiniou-Briand via PacketFence-users wrote:

Hello MJ,

On 04/02/2020 10:39, lists via PacketFence-users wrote:
We could of course customize the files there, but we are unsure how 
well this would work with packetfence updates. Plus: do we edit the 
html or the mjml file? Or both? Can this be done from the GUI?


You can directly edit HTML files on your connection profile using 
"Files" tab. These files will be created in a dedicated directory and 
will not cause issue after an upgrade. I will give you an answer later 
regarding MJML or HTML files.



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] customizing security event email notifications

[lists via PacketFence-users]

Hi,

We have defined some triggers to isolate and notify endusers, based on 
the default templates under 
/usr/local/pf/html/captive-portal/templates/emails


We could of course customize the files there, but we are unsure how well 
this would work with packetfence updates. Plus: do we edit the html or 
the mjml file? Or both? Can this be done from the GUI?


But the real question: how to edit the templates that are used for email 
notifications that persist through packetfence upgrades?


(we have read the administration guide, but it does not seem to mention 
this..?)


Thanks!

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Inverse.ca Certificate problem

[lists via PacketFence-users]

Hi Uzzi,

It looks fine from my point of view.

https://www.sslshopper.com/ssl-checker.html#hostname=https://inverse.ca/downloads/GPG_PUBLIC_KEY

MJ

On 3-2-2020 11:36, Andrea Lenarduzzi via PacketFence-users wrote:
I've add http://inverse.ca/downloads/PacketFence/debian stretch to 
/etc/apt/sources.list.d/packetfence.list, then wget -O - 
https://inverse.ca/downloads/GPG_PUBLIC_KEY -> Certificate Error


Whow can I fix it?

Regards
Uzzi


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] bug reg/unreg state in the pf admin..?

[lists via PacketFence-users]

Hi,

Not sure to consider it a bug or not, but we noticed using the ZEG 9.2 
(inline mode) that when:


- search a node
- set it to unreg
- save
- brought back to the search results, with:
- device listed correctly as unreg

- go to the actual physical device
- go through the registration process so it becomes reg again

- back to pf admin
- device still displays as reg (fine, because page not refreshed)
- open the device details
- the device is still unreg (unlogical, and perhaps wrong)
and even:
- click search button again
- open the device
- STILL unreg (wrong, never refreshed from database)

To get correct result, you need to press the reload in the browser 
window (browser tool bar button)

- and finally: a reg state

Perhaps that the ACTUAL state should be refreshed from the database 
every time when opening a device details..?


MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] interesting difference between pf on debian vs centos

[lists via PacketFence-users]

Hi,

Sometimes you want to get rid of all old pf logs, and see just new log 
lines as they are generated.


I always:
- service rsyslog stop
- rm -f /usr/local/pf/logs/*
- service rsyslog start
- tail -f /usr/local/pf/logs/*

On CentOS this works as expected.

However, on debian this causes all old log lines to re-appear in the pf 
logs directory. All log files/lines of the last days are re-generated, 
so you end up with basically the same contents of the logs directory as 
before the the purge.


Very strange. Not a real problem, I guess, just an interesting 
difference :-)


MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] install on debian faq

[lists via PacketFence-users]

Hi,

Here in the debian install FAQ:

https://packetfence.org/support/faq/how-to-install-packetfence-on-debian.html

we can read to do:

apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4

but after doing that, apt still complains:

Get:5 http://inverse.ca/downloads/PacketFence/debian stretch InRelease [4,478 B]
Err:5 http://inverse.ca/downloads/PacketFence/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not 
available: NO_PUBKEY CB2D3A2AA0030E2C
Fetched 4,478 B in 0s (9,891 B/s)
Reading package lists... Done


In the Install Guide
> https://packetfence.org/doc/PacketFence_Installation_Guide.html
we find different instructions, namely:

wget -O - https://inverse.ca/downloads/GPG_PUBLIC_KEY | apt-key add -


Should the faq be updated..?

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 9.1 clean install problem

[lists via PacketFence-users]

Hi Szél,

Just to make sure:

after having done all the below, you DID also go through the configurator?

Because that will configure the database access, credentials, etc, etc?

https://@ip_of_packetfence:1443/configurator

MJ

On 21-10-2019 18:12, Szél Gábor via PacketFence-users wrote:

Hi MJ,

we tried again with clean install, the next steps:

- VM on Proxmox (KVM, 8 core, 16Gb RAM, 3 disk for VM)
- boot from curren debian 9 netinstall ISO
- one network interface, static IP address
- use deutschland debian APT mirrors (but prev. installs I used 
Hungarian mirrors)

- seperated mount points for /, /var, /usr (20G, 30G, 20G), ext4 FS
- with installer tools install "standard system utilities" and SSH 
server, no other

- debian installer finish, reboot
- apt-get install dirmngr (it has been installed previous installations!)
- add inverse, repository, keys and apt update|upgrade
- last step, apt-get install packetfence
- waiting ... :)
- after ~10 minutes, apt "finished", but packetfence packate 
installation is broken.


I have no idea, this is very simple task, I don't understand the mistakes.

I'll attach some logs:
- installer console log - https://megosztasom.hu/s/ZRbq7TgyMeDFaz2
- syslog - https://megosztasom.hu/s/cWM6rPbMGRWGMKm
- packetfence.log - https://megosztasom.hu/s/Q2sj6nAxAp58KzS


When you look at the logs, you see myssql error.
I think this is a main problem, the packetfence package installer not 
setting mysql.

No database, no user, nothing.

--
Üdvözlettel,
Szél Gábor

WanTax Kft.

tel.: +36 20 3838 171
fax: +36 82 357 585
email:gabor.s...@wantax.hu
web:http://wantax.hu
web:http://halozatom.hu


2019. 10. 21. 13:45 keltezéssel, lists via PacketFence-users írta:

Hi Szél Gábor,

Just for the record: just did a 9.1 test install, using fresh minimal 
debian 9, and the instructions on 
https://packetfence.org/support/faq/how-to-install-packetfence-on-debian.html


Instructions are missing a step:
> apt-get install dirmngr

During the install, there were many errors like:

Could not write namespace resource::all_cluster_hosts() to L2 cache !
Could not write namespace resource::all_cluster_servers() to L2 cache !
.
Could not write namespace interfaces::management_network() to L2 cache !


But everything installed fine, and the configurator was listening.

Step 2, Networks:
This was the usual frustrating experience, with interfaces often 
loosing their configured type & configuration, after edits in another 
interface, so you are forced to keep making the same edits, before 
being able to click next. But it basically does work.


Step 3, Database:
- click test, and were offered to set a mysql root password
- provided *again* the root password, and it created the pf database
- also the user pf was created successfully

The rest was just next, next, and everything worked perfectly.

So your problem is something specific to what you are doing, and the 
procedure works fine. Only complaint, being: it would be nice if the 
network configuration step would behave a bit more consistantly...


MJ

On 18-10-2019 21:39, Szél Gábor via PacketFence-users wrote:

I think this is a normal way.
But, I dont know what is wrong on my install.
We dont install any package, only default clean install. We dont make 
any settings.
After debian clean installation we add packetfence APT repo, and a 
try to install packetfence with apt.


I think current packetfence debian package is broken :(

I was trying to find an older packetfence debian package, but I 
couldn't find it.





___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PF 9.1 clean install problem

[lists via PacketFence-users]

Hi Szél Gábor,

Just for the record: just did a 9.1 test install, using fresh minimal 
debian 9, and the instructions on 
https://packetfence.org/support/faq/how-to-install-packetfence-on-debian.html


Instructions are missing a step:
> apt-get install dirmngr

During the install, there were many errors like:

Could not write namespace resource::all_cluster_hosts() to L2 cache !
Could not write namespace resource::all_cluster_servers() to L2 cache !
.
Could not write namespace interfaces::management_network() to L2 cache !


But everything installed fine, and the configurator was listening.

Step 2, Networks:
This was the usual frustrating experience, with interfaces often loosing 
their configured type & configuration, after edits in another interface, 
so you are forced to keep making the same edits, before being able to 
click next. But it basically does work.


Step 3, Database:
- click test, and were offered to set a mysql root password
- provided *again* the root password, and it created the pf database
- also the user pf was created successfully

The rest was just next, next, and everything worked perfectly.

So your problem is something specific to what you are doing, and the 
procedure works fine. Only complaint, being: it would be nice if the 
network configuration step would behave a bit more consistantly...


MJ

On 18-10-2019 21:39, Szél Gábor via PacketFence-users wrote:

I think this is a normal way.
But, I dont know what is wrong on my install.
We dont install any package, only default clean install. We dont make 
any settings.
After debian clean installation we add packetfence APT repo, and a try 
to install packetfence with apt.


I think current packetfence debian package is broken :(

I was trying to find an older packetfence debian package, but I couldn't 
find it.





___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help : Fail to start Packet fence service

[lists via PacketFence-users]

Hi,

No expert, but:

On 19-7-2019 11:12, adr.lebron--- via PacketFence-users wrote:
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - please define exactly one 
management interface
juil. 17 14:28:43 debian pfcmd[4448]: WARNING - internal network(s) not 
defined!
juil. 17 14:28:43 debian pfcmd[4448]: FATAL - Unable to connect to your 
database. Please verify your connection settings in conf/pf.conf and 
make sure that it is started.


It seems to me that you should address these three issues, and then try 
again..? Perhaps the most important (and easy to solve) one is database 
access as user pf.


Goodluck!

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] dhcp domain-search option

[lists via PacketFence-users]

Hi,

We would like to provide a dhcp domain-search option for our packetfence 
(7.1) inline clients.


The gui only allows for a dhcp ip range to be set.

Is it possible to provide a search option somewhere?

MJ


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] iptables.conf customisation

[lists via PacketFence-users]

Hi Fabrice,

On 20-2-2018 0:40, Durand fabrice via PacketFence-users wrote:

mark match 0x1 mean the devices that are registered. (cf ipset -L).

So check if unreg devices are still redirect to the portal.


Just verified that, and this still works.

Thanks!

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] iptables.conf customisation

[lists via PacketFence-users]

Hi,

We are trying to specifically allow only certain traffic from our 
forward-internal-inline-if interface, and have edited our iptables.conf 
accordingly:



root@packetfence:/usr/local/pf# iptables -L forward-internal-inline-if -n 
--line-numbers
Chain forward-internal-inline-if (1 references)
num  target prot opt source   destination
1ACCEPT tcp  --  10.19.0.0/16 0.0.0.0/0tcp dpt:8331
.
11   ACCEPT tcp  --  10.19.0.0/16 0.0.0.0/0tcp dpt:443
12   ACCEPT udp  --  10.19.0.0/16 0.0.0.0/0udp dpt:53
13   ACCEPT all  --  0.0.0.0/00.0.0.0/0mark match 
0x1
14   DROP   all  --  0.0.0.0/00.0.0.0/0
root@packetfence:/usr/local/pf#


However, after loading these rules (pfcmd service iptables restart) we 
could still access everything. This is probably because of rule #13, 
which presumably was added by packetfence itself. (at least: we think we 
did not add it...)


So we simply deleted rule #13, and our own final DROP line kicked in. 
Firewalling works now, but we are not sure if it was smart to kick out 
rule #13 with the ACCEPT for mark match 0x1


Can anyone tell us the negative side effects (if any) from simply 
deleting rule #13?


MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] firewalling for inline on the packetfence server

[lists via PacketFence-users]

Hi Fabrice,

On 16-1-2018 14:54, Fabrice Durand via PacketFence-users wrote:

Hello,

you can play with iptables.conf in the conf directory in order to add
your custom rules.


So, in the case of limiting outgoing traffic for inline nat clients to 
http/https/dns, do you mean adding lines something like this:



:input-internal-inline-if - [0:0]
# OUR OWN RULES HERE:
-A -A input-internal-inline-if --protocol tcp --match tcp --dport 80  --jump 
ACCEPT
-A -A input-internal-inline-if --protocol tcp --match tcp --dport 443  --jump 
ACCEPT
-A -A input-internal-inline-if --protocol udp --match udp --dport 53  --jump 
ACCEPT

 # DHCP:
-A input-internal-inline-if --protocol udp --match udp --dport 67  --jump ACCEPT
etc


and then, before the final line, to drop 'all other traffic':


-A input-internal-inline-if --jump DROP
%%input_inter_inline_rules%%


You mean something like that..?

MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] firewalling for inline on the packetfence server

[lists via PacketFence-users]

Hi,

We're using packetfence in inline modus for our wifi (10.10.10.0/24) 
segment. The external packetfence interface is inside our dmz lan /24 
segment. (192.84.141.0/24)


We currently firewall on our gateway 192.84.141.1. Even though this 
works, it has the negative side effect that everybody on the wifi 
segment has direct access to the machines in 192.84.141.0/24.


Therefore we would like to firewall outgoing traffic on the packetfence 
machine, to only allow stuff like https, dns, etc, and drop the rest.


However, since packetfence is so buzy with it's own firewall rules and 
adjustments, we're not sure if this is supported, or even possible.


Could anyone shed some light on this..?

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence missing snort config

[lists via PacketFence-users]

Hi Fabrice,

On 4-10-2017 14:51, Fabrice Durand via PacketFence-users wrote:
What you can do is to install security onion on another server and 
configure it to send the alert to the packetfence server. (see doc).


We didn't know security union. Thanks for mentioning it!

MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] radius | node remains unreg

[lists via PacketFence-users]

On 3-10-2017 15:11, Fabrice Durand via PacketFence-users wrote:

you can create a connection profile based on the connection type
Ethernet-EAP and activate autoregistration on it.


Perfect!

Worked like a charm! :-)

Thanks Fabrice

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] radius | node remains unreg

[lists via PacketFence-users]

Hi,

We have an pf-inline wifi-segment with a captive portal, and also a 
pf-out-of-band wired network, where we have enabled 802.1x / radius 
authentication for our windows workstations.


We authenticate using the workstation account first, and then change to 
the logged-in user account. This works nicely, but with one problem: the 
windows workstations remains state "unreg" after a successful 
authentication, so from the workstations point of view, nothing seems to 
work.


When we manually change the node MAC status to "reg" in packetfence, 
everything starts working perfectly.


How can we make automate the nodes becomes "reg"-ged, when a windows 
workstations authenticates using 802.1x PEAP? Surely this must be a very 
simple solution / switch somewhere? :-)


I tried creating a catch-all rule in our machines-authentication source, 
setting an access duration for 30 days, but I'm not sure if that is the 
correct approach. Also: this doesn't seem to have the desired effect 
or perhaps I need to restart something manually after changing that?


MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] person_cleanup / node_cleanup not doing anything

[lists via PacketFence-users]

Hi Frederic,

On 19-9-2017 10:39, Frederic Hermann via PacketFence-users wrote:

Well, here we created our own cleanup tasks, using the database-cleaner.pl perl 
script in /usr/local/pf/tools


Did you also find the 'regular' packetfence GUI person_cleanup & 
node_cleanup didn't work..? Or simply never tried those regular gui 
cleanup tools?


Thanks for your reply!
MJ


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] person_cleanup / node_cleanup not doing anything

[lists via PacketFence-users]

On 18-9-2017 12:46, lists via PacketFence-users wrote:

Hi,

No response... :-(

Does that mean that the tasks
- person_cleanup
and
- node_cleanup
are working for everybody here? On 7.1?


Anyone?


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] prevent certain ldap usernames from registering devices

[lists via PacketFence-users]

On 12-9-2017 14:42, Arthur Emerson via PacketFence-users wrote:

What we do with PF 5.x is have a limit (N) on the number of devices that
guest users can register...and then make sure that there are N+1 bogus
MAC addresses registered/active for that user account.  Anyone who tries
to register another device is told that they already have too many
devices registered...


Yes, smart idea. :-) Thanks.

Still I think it would be good functionality for packetfence to allow 
for some exceptions. (as in: blacklist specific accounts, and change 
max_devices for others)


MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] prevent certain ldap usernames from registering devices

[lists via PacketFence-users]

Hi,

Is there a way to 'blacklist' specific ldap usernames from registering 
devices in the packetfence portal?


Running pf 7 with inline guest portal, with an AD ldap-based usersource.

I tried creating a rule under our ldap authentication source:
- condition 'username'
- role REJECT
- access duration (mandatory!) of 0h

While this makes the registration basically fail, but in a way very 
unclear to the end-user. We hope pf has a better way of informing the 
user that this specific account is not allowed to register devices..?


Best regards,
MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] email registration always remains status "incomplete"

[lists via PacketFence-users]

Hi Fabrice, list,

On 13-7-2017 2:23, Durand fabrice via PacketFence-users wrote:

when it happen, can you check in the database just after the duration has been 
extended ?
select * from node where mac="9c:2a:70:31:9b:9f'; 


ok, here it is:

after the link in the registration email has been clicked, the screen 
message says: "email activation code has been verified. Access granted 
until: 2017:08-06 16:20:31"

That is CORRECT, with the expected duration

However, the GUI is then still saying: "Unregistration 2017-07-17 16:40"
That is WRONG!

At that time, the database says:

MariaDB [pf]> select * from node where mac =  'b8:08:cf:58:4d:f0';
+---+---+-+-+-+-+-+--+---++++---+-+-++---+-+--++--++--+-+--+-+---+-++-+
| mac   | pid   | category_id | detect_date | 
regdate | unregdate   | lastskip| time_balance 
| bandwidth_balance | status | user_agent | computername   | notes | 
last_arp| last_dhcp   | dhcp_fingerprint
   | dhcp6_fingerprint | dhcp_vendor | dhcp6_enterprise | 
device_type| device_class | device_version | device_score | bypass_vlan 
| voip | autoreg | sessionid | machine_account | bypass_role_id | last_seen 
  |
+---+---+-+-+-+-+-+--+---++++---+-+-++---+-+--++--++--+-+--+-+---+-++-+
| b8:08:cf:58:4d:f0 | usern...@gmail.com |   2 | 2017-07-17 16:20:14 | 
2017-07-17 16:20:31 | 2017-07-17 16:40:31 | -00-00 00:00:00 | NULL 
|  NULL | reg|| user-Latitude-E7470 |   | 
-00-00 00:00:00 | 2017-07-17 16:21:32 | 
1,28,2,3,15,6,119,12,44,47,26,121,42,121,249,33,252,42 |   |
 |  | Debian-based Linux | Linux| NULL  
 | 80   | | no   | no  |   | NULL|  
 NULL | 2017-07-17 16:22:15 |
+---+---+-+-+-+-+-+--+---++++---+-+-++---+-+--++--++--+-+--+-+---+-++-+
1 row in set (0.00 sec)


It seems to me that the duration extension after clicking the 
confirmation link is never actually recorded into the database? At this 
time, in the GUI under Reports, the httpd.portal email registration is 
still listed as *incomplete*

Which I feel is WRONG. (is *complete*, from the users perspective)

Then, after my access expired, I try the same thing again, only, my mac 
address already exists in the database, but in unreg state.
I am presented with the registration portal, and register again using 
the same details. Receive 20 minutes temp network access, plus a new 
verification link.


When I click that new verification link, the unregistration date is 
successfully recorded into the pf database:



MariaDB [pf]> select * from node where mac =  'b8:08:cf:58:4d:f0';
+---+---+-+-+-+-+-+--+---++++---+-+-++---+-+--++--++--+-+--+-+---+-++-+
| mac   | pid   | category_id | detect_date | 
regdate | unregdate   | lastskip| time_balance 
| bandwidth_balance | status 

Re: [PacketFence-users] Active Directory Domains problem

[lists via PacketFence-users]

Hi,

For you information: starting packetfence 7.2, samba will use 
auto-discovery for DC location. (password server = *)


MJ

On 27-6-2017 15:52, Louis Munro via PacketFence-users wrote:

Hi Luca,
I am no Active Directory expert, but I believe you don't have much to do 
for that since the DC is discovered from the SRV records that AD publishes.


See here for what I mean: 
https://technet.microsoft.com/en-us/library/cc978011.aspx


In any case, you can edit the template files used to generate the samba 
configuration (/usr/local/pf/addons/AD/smb.tt) and configure samba 
exactly how you want it.

If it can be done by Samba, there's a way to do it in PacketFence ;-)

Best regards,
--
Louis Munro
lmu...@inverse.ca   :: www.inverse.ca 


+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) 
and PacketFence (www.packetfence.org )


On Jun 27, 2017, at 09:39, luca comes > wrote:


Louis,
thank you so much your suggestions put me on the right way. So I 
solved my problem and PF is now joined to the domain. i have only one 
more question. As you can imagine I have a redundant AD infrastructure 
but we can put only one DC in the configuration. Is there a way to put 
the second DC inside the configuration so redundancy is guaranteed.


Thanks again

Luca




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] nodes being unregistered after pf upgrade from 5.6 to 7.1

[lists via PacketFence-users]

Hi Fabrice,

Just to provide feedback:

On 21-6-2017 1:10, Durand fabrice via PacketFence-users wrote:
I just tried upgrading our production network from 5.6 to 7.1, and 
even though things seemed to have worked out, after a while we 
discovered that some nodes were 'unregistered' after the upgrade. 
(they were registrered before the upgrade, on 5.6.1)


Also, unlike normally, these unregistered nodes were not directed to 
the captive portal, but they received a firefox timeout error. (pf 
dhcp had given them sane looking ip/gateway/dns)



does the dns answer ?
what about netstat -nlp| grep 80


The problem turned out to be: haproxy not starting, due to a corrupted 
server.pem. (I stupidly pasted something wrong...)


Thanks for your help!

And this might help others: In the case of Let's Encrypt certificates, 
the haproxy cert.pem has to contain:

* server.company.com.cer
* server.company.com.key
and *ALSO*
* fullchain.cer

Otherwise various browsers will complain about the certificate.

Everything running nicely now. :-)

MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] nodes being unregistered after pf upgrade from 5.6 to 7.1

[lists via PacketFence-users]

On 19-6-2017 22:17, lists via PacketFence-users wrote:

Hi,

I just tried upgrading our production network from 5.6 to 7.1, and even 
though things seemed to have worked out, after a while we discovered 
that some nodes were 'unregistered' after the upgrade. (they were 
registrered before the upgrade, on 5.6.1)


Well, it seems that the complaining user was already unregistered on the 
5.6 install. She claims things worked before the upgrade to 7.1, but I 
don't know.


Seems not related to the pf upgrade, anyway.

One question remains: why (being an unreg device on the Inline Layer 2 
network) did she not get the captive portal, but firefox timeout error 
instead?


Do I perhaps need an additional listening daemon "portal" on that 
network? (we don't have that in our packetfence 5.6 config)


MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] nodes being unregistered after pf upgrade from 5.6 to 7.1

[lists via PacketFence-users]

Hi,

I just tried upgrading our production network from 5.6 to 7.1, and even 
though things seemed to have worked out, after a while we discovered 
that some nodes were 'unregistered' after the upgrade. (they were 
registrered before the upgrade, on 5.6.1)


Also, unlike normally, these unregistered nodes were not directed to the 
captive portal, but they received a firefox timeout error. (pf dhcp had 
given them sane looking ip/gateway/dns)


The pf7 install was new, config recreated like the old 5.6 install, and 
the only bits *actually* coming from the 5.6 was the database, upgraded 
running the update-scripts, all the old nodes and users show up in pf7 gui)


I'm not sure which log files would help..? Anyone with tips where to 
start looking?


MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] haproxy | mysql

[lists via PacketFence-users]

On 12-6-2017 20:48, lists via PacketFence-users wrote:
"Project-Id-Version: 7.0.0 POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE 
PO-Revision-Date: 2017-04-19 11:56-0400 Last-Translator: Inverse inc. 
<i...@inverse.ca> Language-Team: English Language: en MIME-Version: 1.0 
Content-Type: text/plain; charset=ASCII Content-Transfer-Encoding: 8bit 
Plural-Forms: nplurals=2; plural=(n != 1); "


Any idea how that could have happened..?
Well, dropped pf database, recreated, reimported, reran all database 
upgrades, and now the nodes appear as well. :-)


Question on the haproxy config on port 3306 remains though.

MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] haproxy | mysql

[lists via PacketFence-users]

Hi,

So, just for fun I tried a fresh install of packetfence 7.1.0 on debian 8.

As far as I know, we need to configure the OS debian to start mysql.

However, also Packetfence tries to start something on port 3306 as well 
(haproxy) so there seems to be a conflict? Found that out, because I 
initially had forgotten to enable the mysql systemd service.


Manually starting mysql after install didn't work, because port 3306 was 
already taken by haproxy. Is that intentional?


The second thing is that imported an production database dump 
(packetfence 5.6.1) , and ran all database upgrades. I can see all my 
users, but instead of nodes, I get one LOOONG line:


"Project-Id-Version: 7.0.0 POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE 
PO-Revision-Date: 2017-04-19 11:56-0400 Last-Translator: Inverse inc. 
 Language-Team: English Language: en MIME-Version: 1.0 
Content-Type: text/plain; charset=ASCII Content-Transfer-Encoding: 8bit 
Plural-Forms: nplurals=2; plural=(n != 1); "


Any idea how that could have happened..?

MJ

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users